performance hit in using too many if's

c0nw0nk nginx-forum at forum.nginx.org
Mon Sep 26 16:10:00 UTC 2016


Anoop Alias Wrote:
-------------------------------------------------------
> Ok .. reiterating my original question.
> 
> Is the usage of if / map in nginx config more efficient than say naxsi
> (or libmodsecurity) for something like blocking SQL injection?
> 
> For example,
> https://github.com/nbs-system/naxsi/blob/master/naxsi_config/naxsi_core.rules
> rules 1000-1099 - blocks SQL injection attempts
> 
> So ..do (to a limited extent )
> 
> ## Block SQL injections
>     set $block_sql_injections 0;
>     if ($query_string ~ "union.*select.*\(") {
>         set $block_sql_injections 1;
>    ............
>    .....................
>     if ($block_file_injections = 1) {
>         return 403;
>     }
> 
> 
> 
> From the point of application performance which one is better .. ?
> Performance for a shared hosting server with around 500 vhosts.

I would advise, if your application is vulnerable, to use Naxsi because it can
intercept POST requests. The example you provided is "$query_string"
(intercepts the URL). For example: http://*.com/index.php?id=10 UNION SELECT
1,null,null--

I don't think Nginx has a way to read POST data other than the WAF methods
like Naxsi, ModSecurity, etc.

https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#URL_Encoding

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269808,269857#msg-269857
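
A small model of the quoted `$query_string` rule, run over constructed requests to show which of them the rule would actually evaluate. This is an added example, not code from the thread; the host `example.test`, the function names and the sample requests are assumptions made for illustration.

```python
import re

# Pattern quoted in the thread. In nginx, "~" is a case-sensitive match and
# "~*" a case-insensitive one; $query_string is the raw text after "?".
PATTERN = r"union.*select.*\("

def rule_blocks(method, url, body="", case_insensitive=False):
    """Model `if ($query_string ~ PATTERN)`; True means the request gets 403.

    `method` and `body` are accepted but never inspected, because the quoted
    rule only looks at $query_string.
    """
    query_string = url.partition("?")[2]
    flags = re.IGNORECASE if case_insensitive else 0
    return re.search(PATTERN, query_string, flags) is not None

# Constructed sample requests; example.test is a placeholder host.
PAYLOAD = "id=10 union select (1),null,null--"
SAMPLES = {
    "GET, lowercase keywords with '('":
        ("GET", "http://example.test/index.php?" + PAYLOAD, ""),
    "GET, example URL from the reply":
        ("GET", "http://example.test/index.php?id=10 UNION SELECT 1,null,null--", ""),
    "POST, same parameters in the body":
        ("POST", "http://example.test/index.php", PAYLOAD),
}

def coverage(case_insensitive=False):
    """Return {label: blocked?} for every sample request."""
    return {label: rule_blocks(m, u, b, case_insensitive)
            for label, (m, u, b) in SAMPLES.items()}

if __name__ == "__main__":
    for label, blocked in coverage().items():
        print(f"{'403' if blocked else 'pass':4}  {label}")
```

The POST row stays unblocked under either operator because the rule never sees the request body, which is the gap the reply points out for `$query_string`.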


